------------------------------------------------------------------------Abstract------------------------------------------------------------------------Seagate Personal Cloud is a consumer-grade Network-Attached Storagedevice (NAS). It was found that Seagate Media Server is vulnerable topath traversal that allows unauthenticated attackers to downloadarbitrary files from the NAS. Since Seagate Media Server runs with rootprivileges it is possible to exploit this issue to retrieve sensitiveinformation from the NAS.

------------------------------------------------------------------------Tested versions------------------------------------------------------------------------This issue was tested on a Seagate Personal Cloud model SRN21C runningfirmware versions 4.3.16.0 and 4.3.18.0. It is likely that otherdevices/models are also affected.

------------------------------------------------------------------------Fix------------------------------------------------------------------------This issue has been fixed in firmware version 4.3.18.4.